Legal claims defining the scope of protection, as filed with the USPTO.
1. A method, comprising: in a communication network wherein a first computing device is an end user device, a second computing device is a gateway server, and a third computing device is an application server; the second computing device authenticating one or more packets received from the first computing device; and the second computing device marking the one or more packets with a first-layer identity before routing the one or more packets toward the third computing device such that the third computing device is able to authenticate the one or more packets from the first computing device by confirming an association between the first-layer identity and a second-layer identity; wherein the first-layer identity comprises an identity associated with a first layer and the second-layer identity comprises an identity associated with a second layer, the first layer being different from the second layer; wherein the first-layer identity comprises a link layer identity assigned to the first computing device; wherein the second-layer identity comprises an application layer identity assigned to the first computing device; and wherein the second computing device further marks the one or more packets with a gateway identity of the second computing device such that the one or more packets are marked with a label that comprises the first-layer identity of the end user device and said gateway identity.
2. The method of claim 1, wherein the marking of the one or more packets comprises appending the first-layer identity to each of the one or more packets.
3. The method of claim 1, wherein the marking of the one or more packets comprises inserting the first-layer identity into each of the one or more packets.
4. The method of claim 1, wherein the marking of the one or more packets with the first-layer identity is responsive to a deep packet inspection.
5. The method of claim 1, wherein the marking of the one or more packets with the first-layer identity is responsive to a presence of at least one condition.
6. The method of claim 5, wherein the at least one condition is an OpenID-based identifier request.
7. The method of claim 5, wherein the at least one condition is an identity provider destination.
8. The method of claim 1, wherein the communication network is a visiting communication network with respect to the end user device.
9. The method of claim 8, wherein the gateway server is a gateway server in the visiting network at which the one or more packets terminate in accordance with a tunneling protocol.
10. The method of claim 1, wherein the application server is an identity provider server.
11. The method of claim 1, wherein the application server is a bootstrapping function server.
12. The method of claim 1, wherein the application server is a call session control function server.
13. An article of manufacture comprising a non-transitory processor-readable storage medium storing one or more software programs which when executed by a processor associated with the second computing device perform the steps of the method of claim 1.
14. A method, comprising: in a communication network wherein a first computing device is an end user device, a second computing device is a gateway server, and a third computing device is an application server; the third computing device receiving one or more packets from the second computing device, the second computing device having authenticated the one or more packets received from the first computing device and having marked the one or more packets with a first-layer identity before routing the one or more packets toward the third computing device; and the third computing device authenticating the one or more packets from the first computing device by confirming an association between the first-layer identity and a second-layer identity; wherein the first-layer identity comprises an identity associated with a first layer and the second-layer identity comprises an identity associated with a second layer, the first layer being different from the second layer; wherein the first-layer identity comprises a link layer identity assigned to the first computing device; wherein the second-layer identity comprises an application layer identity assigned to the first computing device; and wherein the one or more packets are further marked with a gateway identity of the second computing device, such that the one or more packets are marked with a label that comprises the first-layer identity of the end user device and said gateway identity.
15. An article of manufacture comprising a non-transitory processor-readable storage medium storing one or more software programs which when executed by a processor associated with the third computing device perform the steps of the method of claim 14.
16. An apparatus, comprising: in a communication network wherein a first computing device is an end user device and a second computing device is an application server, a third computing device serving as a gateway server and comprising: a memory; and a processor coupled to the memory and operative to: authenticate one or more packets received from the first computing device; and mark the one or more packets with a first-layer identity before routing the one or more packets toward the second computing device such that the second computing device is able to authenticate the one or more packets from the first computing device by confirming an association between the first-layer identity and a second-layer identity; wherein the first-layer identity comprises an identity associated with a first layer and the second-layer identity comprises an identity associated with a second layer, the first layer being different from the second layer; wherein the first-layer identity comprises a link layer identity assigned to the first computing device; wherein the second-layer identity comprises an application layer identity assigned to the first computing device; and wherein the processor of the third computing device is further operative to mark the one or more packets with a gateway identity of the third computing device such that the one or more packets are marked with a label that comprises the first-layer identity of the end user device and said gateway identity.
17. An apparatus, comprising: in a communication network wherein a first computing device is an end user device and a second computing device is a gateway server, a third computing device serving as an application server and comprising: a memory; and a processor coupled to the memory and operative to: receive one or more packets from the second computing device, the second computing device having authenticated the one or more packets received from the first computing device and having marked the one or more packets with a first-layer identity before routing the one or more packets toward the third computing device; and authenticate the one or more packets from the first computing device by confirming an association between the first-layer identity and a second-layer identity; wherein the first-layer identity comprises an identity associated with a first layer and the second-layer identity comprises an identity associated with a second layer, the first layer being different from the second layer; wherein the first-layer identity comprises a link layer identity assigned to the first computing device; wherein the second-layer identity comprises an application layer identity assigned to the first computing device; and wherein the one or more packets are further marked with a gateway identity of the second computing device, such that the one or more packets are marked with a label that comprises the first-layer identity of the end user device and said gateway identity.
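The flow in claims 1 and 14, modeled as an added example that is not part of the patent text: a gateway marks each packet with a label (link-layer identity plus gateway identity), and the application server accepts the packet only if that label maps to the application-layer identity the packet asserts. All class names, field names, identifiers and the binding table are constructed assumptions; the model also assumes the label is not altered between gateway and server.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Label:
    link_layer_id: str  # first-layer identity of the end user device
    gateway_id: str     # identity of the gateway that applied the mark

@dataclass(frozen=True)
class Packet:
    app_layer_id: str   # second-layer identity asserted by the device
    payload: bytes
    label: Optional[Label] = None

class Gateway:
    def __init__(self, gateway_id, attached_ids):
        self.gateway_id = gateway_id
        self.attached_ids = set(attached_ids)  # link-layer ids authenticated at attach

    def forward(self, pkt, observed_link_id):
        # Authenticate on the identity the gateway itself observed on the access link.
        if observed_link_id not in self.attached_ids:
            return None
        # Assumption: any label already on the packet is replaced, so a device
        # cannot choose its own link-layer or gateway identity.
        return replace(pkt, label=Label(observed_link_id, self.gateway_id))

class AppServer:
    def __init__(self, trusted_gateways, bindings):
        self.trusted_gateways = set(trusted_gateways)
        self.bindings = dict(bindings)  # link-layer id -> application-layer id

    def authenticate(self, pkt):
        lab = pkt.label
        if lab is None or lab.gateway_id not in self.trusted_gateways:
            return False
        # Confirm the association between the two identities.
        return self.bindings.get(lab.link_layer_id) == pkt.app_layer_id

def demo():
    # Constructed identities; none come from the patent.
    gw = Gateway("gw-visited-1", {"link-id-A", "link-id-B"})
    srv = AppServer({"gw-visited-1"}, {"link-id-A": "alice@idp.example",
                                       "link-id-B": "bob@idp.example"})
    p = Packet("alice@idp.example", b"req")
    forged = replace(p, label=Label("link-id-A", "gw-visited-1"))
    return {"legitimate": srv.authenticate(gw.forward(p, "link-id-A")),
            "borrowed_app_id": srv.authenticate(gw.forward(p, "link-id-B")),
            "forged_label_remarked": srv.authenticate(gw.forward(forged, "link-id-B")),
            "unmarked": srv.authenticate(p),
            "unknown_gateway": srv.authenticate(replace(p, label=Label("link-id-A", "gw-other")))}
```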
March 3, 2015